The Impossibility of Realizable Ideal Functionality

Full textClick to download.
CitationCryptology ePrint Archive: Report 2005/211, July 2005
AuthorsAnupam Datta
Ante Derek
John C. Mitchell
Ajith Ramanathan
Andre Scedrov


A cryptographic primitive or a security mechanism can be specified in a variety of ways, such as a condition involving a game against an attacker, construction of an ideal functionality, or a list of properties that must hold in the face of attack. One reason that an ideal functionality is appealing is that if an implementation cannot be distinguished from an ideal functionality, by any feasible attack in any environment, then the mechanism is therefore secure in any larger system that uses it. We make accepted aspects of ideal functionality precise by relating ideal functionality to game specifications, and show that bit commitment, group signatures, and other cryptographic concepts do not have any realizable ideal functionality. This suggests that in order to developed, or another specification method must be used.

Back to publications
Back to previous page